Half-a-dozen typosquatted npm packages have been leveraged by North Korean hacking collective Lazarus Group to facilitate data compromise in a new developer-targeted attack campaign, reports Hackread.
Socket researchers found that, aside from exfiltrating system information, all of the malicious packages, which impersonated widely used utilities and libraries and had amassed almost 330 downloads before being removed from the npm software repository, also enabled credential and cryptocurrency asset theft by targeting browser profiles and Solana and Exodus wallet files. The attacks also allowed the delivery of the InvisibleFerret backdoor and other malicious payloads, the researchers said.
These findings are indicative of threat actors' increased exploitation of npm packages because of developers' excessive trust in open-source repositories, said Ensar Seker, chief security officer at SOCRadar, who warned that Lazarus Group's attack could permit lateral movement to compromise other organizations.